Gonzales pressures ISPs on data retention

U.S. Attorney General Alberto Gonzales and FBI Director Robert Mueller on Friday urged telecommunications officials to record their customers' Internet activities, CNET News.com has learned.

In a private meeting with industry representatives, Gonzales, Mueller and other senior members of the Justice Department said Internet service providers should retain subscriber information and network data for two years, according to two sources familiar with the discussion who spoke on condition of anonymity.

The closed-door meeting at the Justice Department, which Gonzales had requested, according to the sources, comes as the idea of legally mandated data retention has become popular on Capitol Hill and inside the Bush administration. Supporters of the idea say it will help prosecutions of child pornography because in many cases, logs are deleted during the routine course of business.

Credit: Anne Broache

Attorney General Alberto Gonzales

In a speech last month at the National Center for Missing and Exploited Children, Gonzales said that Internet providers must retain records for a "reasonable amount of time."

"I will reach out personally to the CEOs of the leading service providers and to other industry leaders," Gonzales said. "Record retention by Internet service providers consistent with the legitimate privacy rights of Americans is an issue that must be addressed."

During Friday's meeting, Justice Department officials passed around pixellated (that is, slightly obscured) photographs of child pornography to emphasize the lurid nature of the crimes police are trying to prevent, according to one source.

A Justice Department spokesman familiar with the administration's stand on data retention was in meetings on Friday and unavailable for comment, a department representative said.

Privacy advocates have been alarmed by the idea of legally mandated data retention, saying that, while child exploitation may be the justification today, those records would be available in all kinds of criminal and civil suits--including terrorism, tax evasion, drug, and even divorce cases.

It was not immediately clear what Gonzales and Mueller meant by suggesting that network data be retained. One possibility is requiring Internet providers to record the Internet addresses their customers are temporarily assigned. A more extensive mandate would require companies to keep track of e-mail messages sent, Web pages visited and perhaps even instant-messaging correspondents.

'Preservation' vs. 'retention'
Two proposals to mandate data retention have surfaced in the U.S. Congress. One, backed by Rep. Diana DeGette, a Colorado Democrat, says that any Internet service that "enables users to access content" must permanently retain records that would permit police to identify each user. The records could only be discarded at least one year after the user's account was closed.

The other was drafted by aides to Wisconsin Rep. F. James Sensenbrenner, the chairman of the House Judiciary Committee, a close ally of President Bush. Sensenbrenner said through a spokesman last week, though, that his proposal is on hold because "our committee's agenda is tremendously overcrowded already."

At the moment, Internet service providers typically discard any log file that's no longer required for business reasons such as network monitoring, fraud prevention or billing disputes. Companies do, however, alter that general rule when contacted by police performing an investigation--a practice called data preservation.

In addition, Internet providers are required by another federal law to report child pornography sightings to the National Center for Missing and Exploited Children, which is in turn charged with forwarding that report to the appropriate police agency.

When adopting its data retention rules, the European Parliament approved U.K.-backed requirements, saying that communications providers in its 25 member countries--several of which had enacted their own data retention laws already--must retain customer data for a minimum of six months and a maximum of two years.

The Europe-wide requirement applies to a wide variety of "traffic" and "location" data, including the identities of the customers' correspondents; the date, time and duration of phone calls, voice over Internet Protocol calls or e-mail messages; and the location of the device used for the communications. But the "content" of the communications is not supposed to be retained. The rules are expected to take effect in 2008.

Discuss: Gonzales pressures ISPs on data retention

See the future of Firefox now

Mozilla is working on a major overhaul of its web browser. Its official release is still months away, but you can take Firefox 57 for a spin today.

by Matt Elliottby Jason Pepper

1:44

Apple to invest $1B in content, Essential phone to ship within a week

The biggest news in the world of tech include Apple's $1 billion dollar commitment to original content, Essential finally shipping preordered phones and Google's Home smartspeaker now allowing for phone calls.